Sudan does not have a comprehensive regime in place for personal data, but it has the Electronic Transactions Act 2007 as a sectoral regulation. A data protection authority has not yet been appointed.

According to Art. 6 of the Anti-Money Laundering and Combating the Financing of Terrorism Act 2014, financial and non-financial institutions are required to keep records and data relating to customers and transactions and ensure that these records and information are made available to the competent authorities with reasonable speed. The records must be kept for a period of at least five years after the termination of the business relationship or the execution of the incidental transaction, whichever is longer. The article also stipulates that records and data relating to domestic and international transactions, whether executed or attempted, should be kept for at least five years after the transaction, and such records shall be detailed enough to allow the steps of each transaction to be tracked separately.

Art. 74 of the Telecommunications and Postal Regulation Law authorises the interception, surveillance, and eavesdropping of communications. Such actions may be mandated by a prosecutor or a specialised judge. Additionally, interception may be authorised by the General National Intelligence Service, Military Intelligence, or the Federal Police. Art. 25 of the Law imposes an obligation on telecommunications operators to grant the Telecommunication and Postal Regulation Authority access to their facilities, networks, and equipment, and to allow the installation of devices necessary for performance measurement and monitoring. Reports indicate that, under this legislation, telecommunications companies are required to provide customer data to authorities upon request.

Sudan lacks a comprehensive regime for the protection of trade secrets.

It is reported that there is an obligation for passive infrastructure sharing in Sudan to deliver telecom services to end users. It is practised in both the mobile and fixed sectors based on commercial agreements. However, the relevant law has not been found.

Sudan is not a signatory of the 1996 World Trade Organization (WTO) Information Technology Agreement (ITA) nor the 2015 expansion (ITA II). Sudan is not a member of the WTO but holds observer status.

Chapter 5 of the Purchasing, Contracting and Surplus Disposal Act stipulates that:
- Priority in contracting for the purchase and implementation of works shall be given to Sudanese individuals and institutions licensed to operate according to this Act (Art. 14.14);
- The Ministry may specify some works and contracts whose implementation must be entrusted to Sudanese contractors, and the projects can also be divided to allow Sudanese contractors to qualify and implement them (Art. 14.15); and
- Government agencies are required to prioritise Sudanese industries and products, provided they meet the intended purpose of the purchase (Art. 14.19).

The Purchasing, Contracting, and Surplus Disposal Act has introduced several limitations on foreign participation in public procurement, including:
- Foreign bidders must use local suppliers for specific services and ensure that at least 20% of the project is carried out by Sudanese contractors (Art. 14.16).
- Contractors are also obligated to purchase necessary tools and equipment from Sudanese agents, with direct imports allowed only if items are unavailable locally (Art. 14.17).
- National products may be procured if their prices do not exceed foreign alternatives by more than 10%, with foreign products acceptable only if they meet the required specifications (Art. 14.20).

Sudan is not a party to the World Trade Organization (WTO) Agreement on Government Procurement (GPA), nor does it have observer status. In fact, Sudan is not a member of the WTO.

According to Art. 18 of the Investment (Encouragement) Act, foreign investment is restricted in certain sectors as designated by the Minister. It is reported that such restrictions include a prohibition on foreign capital participation in most areas of telecommunications services.

According to Art. 39.2 of the Companies Act, at least one of the directors on the board of any company must be a resident of Sudan.

Pursuant to Art. 22.1 of the Investment (Encouragement) Act, foreign investors are required to provide a minimum amount of foreign capital. Reports indicate that this amount must be no less than USD 250,000 or its equivalent in foreign currencies approved by the Central Bank of Sudan, as proof of commitment. It is anticipated that forthcoming regulations shall clarify the specific authority to which investors must remit this amount, as the New Investment Act does not currently stipulate this. The capital provided will be allocated to financing the respective project upon the issuance of the relevant license (Art. 22.2).

According to Art. 33 of the Companies Act 2015, companies incorporated outside Sudan that wish to conduct business within the country must establish a branch in Sudan. Additionally, companies engaged in projects in Sudan are required to set up a branch specifically for the duration and purpose of the project (Art. 34).

According to Art. 12.1 (a) of the Patents Act, the complete name and address of the patent applicant are required. The applicants with an address outside of Sudan must provide a local address for their activity within the country.